Integrate OpManager with FortiSIEM

OpManager integrates with FortiSIEM, a SIEM integration option that enables unified analysis and correlation of network alerts to detect both threats and performance issues. Once integrated, OpManager forwards critical alerts, audit data and access logs to FortiSIEM over syslog (UDP) in real time. This helps your security operations team identify potential threats earlier and respond to incidents faster.

Configuration in FortiSIEM

  1. Steps to configure in FortiSIEM

Configuration in OpManager

  1. Configure Audit and Access logs
  2. Associate a Notification Profile

Configuration in FortiSIEM

Steps to configure in FortiSIEM

  • Deploy the FortiSIEM Supervisor, then install a Collector node to gather data.
  • Register the Collector node with the Supervisor.
  • Enable the Syslog UDP input on the Collector.
    • Allow UDP port 514 (or the port you choose for syslog) on the Collector OS firewall so it can receive the logs.
    • Ensure UDP syslog is enabled in FortiSIEM.
  • Create custom parsers and apply other customizations if required.
Note:
  1. Refer to the Fortinet document library for Syslog UDP host and port configuration.
  2. Ensure that port 514, or the specific port configured for receiving syslog, is listening on the Collector and is not blocked by any firewall between OpManager and the Collector. Syslog over UDP is neither authenticated nor encrypted, so restrict the inbound firewall rule to the OpManager server's IP address rather than opening the port to all sources.

Configuration in OpManager

Configure Audit and Access logs

  • Go to Settings → General Settings → Integrations → SIEM (UDP/Syslog) - Configuration.
  • Enter the SIEM Application Name as 'FortiSIEM'.
  • Specify the Host name of the collector node.
  • Mention the syslog listening port in the Port field.
  • Select Send Access logs or choose Audit modules from the dropdown. You can also select both together based on your requirements.
  • Click on Save.

Associate a Notification Profile

Follow the steps below to configure a notification profile that forwards alerts to FortiSIEM:

  • Go to Settings → Notification Profile and click Add.
  • Select SIEM, then choose SIEM (UDP/Syslog).
  • Enter the required parameters, including Format, Severity, Facility, Description, and relevant Variables.
  • If required, enable structured message and provide the inputs in the required fields.
  • Click on Test Action to verify the profile configuration.

  • Learn more about configuring criteria, devices, and time window in notification profiles here.
  • Click on Save.

Verifying the Integration

After completing the integration, confirm that FortiSIEM is receiving logs from OpManager: trigger a test alert (Test Action in the notification profile) and search FortiSIEM for events whose reporting device is the OpManager server. If nothing arrives, check that the Collector is listening on the configured UDP port and that no firewall between OpManager and the Collector drops the traffic.
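The following is an added example and not OpManager or Fortinet code. It builds an RFC 5424 syslog line from the same Facility and Severity values the notification profile asks for (the PRI field is facility * 8 + severity), sends it over UDP to a loopback listener and decodes what arrives, so you can see what a collector receives and why a wrong Facility or Severity setting shows up as a mis-classified event in the SIEM. The host name, application name and message text are placeholders; against a real deployment you would send to the Collector's host and the syslog port (514 by default). OpManager's actual wire format depends on the Format field you select, so the message layout here is illustrative.

```python
"""Build, send (loopback) and decode an RFC 5424 syslog message, as a
check of what a FortiSIEM collector receives from OpManager.
Added example: host, app and message text are placeholders."""
import re
import socket
from datetime import datetime, timezone

# PRI = facility * 8 + severity (RFC 5424 section 6.2.1). These are the
# Facility and Severity values the OpManager notification profile asks for.
FACILITIES = {"kern": 0, "user": 1, "daemon": 3, "local0": 16, "local7": 23}
SEVERITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3, "warning": 4,
              "notice": 5, "info": 6, "debug": 7}


def build_syslog(facility, severity, hostname, app, msg, timestamp=None):
    """Return an RFC 5424 syslog line as bytes.
    PROCID, MSGID and STRUCTURED-DATA are left as '-' (nil)."""
    pri = FACILITIES[facility] * 8 + SEVERITIES[severity]
    ts = (timestamp or datetime.now(timezone.utc)).strftime("%Y-%m-%dT%H:%M:%SZ")
    return f"<{pri}>1 {ts} {hostname} {app} - - - {msg}".encode()


# <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG
_HDR = re.compile(rb"^<(\d{1,3})>1 (\S+) (\S+) (\S+) \S+ \S+ \S+ (.*)$", re.S)


def parse_syslog(datagram):
    """Decode the PRI back into facility/severity numbers plus header fields,
    the way a collector-side parser would before mapping to event severity."""
    m = _HDR.match(datagram)
    if not m:
        raise ValueError("not an RFC 5424 message")
    pri = int(m.group(1))
    if pri > 191:  # 23 facilities * 8 + 7 is the maximum legal PRI
        raise ValueError("PRI out of range")
    return {
        "facility": pri // 8,
        "severity": pri % 8,
        "timestamp": m.group(2).decode(),
        "hostname": m.group(3).decode(),
        "app": m.group(4).decode(),
        "msg": m.group(5).decode(),
    }


def send_and_receive(datagram, host="127.0.0.1", port=0, timeout=2.0):
    """Loopback check: bind a UDP listener (port 0 = ephemeral), send the
    datagram to it and return (payload, source address). Against a real
    Collector you would sendto((collector_host, 514)) and look for the
    event in FortiSIEM instead of receiving it here."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as listener, \
         socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sender:
        listener.bind((host, port))
        listener.settimeout(timeout)
        sender.sendto(datagram, listener.getsockname())
        data, (src, _) = listener.recvfrom(65535)
        return data, src


def demo():
    """End-to-end: build a critical local0 alert, send it, decode it."""
    msg = build_syslog("local0", "crit", "opmanager01", "OpManager",
                       "Device core-sw-1 is down",
                       timestamp=datetime(2024, 1, 2, 3, 4, 5, tzinfo=timezone.utc))
    received, src = send_and_receive(msg)
    return parse_syslog(received), src


if __name__ == "__main__":
    parsed, src = demo()
    print(f"received from {src}: {parsed}")
```

If the loopback run succeeds but nothing appears in FortiSIEM, the problem is on the path between OpManager and the Collector (firewall rule, wrong port, or the Syslog UDP input not enabled) rather than in the message itself; a packet capture on the Collector for UDP port 514 will show whether the datagrams arrive at all.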

Know more about the integrations offered by OpManager

Know more about dynamic variables used in request body